An AI agent for static code analysis, my engineering thesis. Capable of finding security vulnerabilities in the code and proposing fixes.
The program is a static code analysis agent, which uses the GPT-4 model to generate a report on the quality of the code and propose fixes. It's main focus is the security of the code, later this will be extended. The program is written in Python, and the GPT-4 model is provided by OpenAI. The program is designed to be run from the command line, and the results are saved in a markdown file. The program can be run with the following arguments:
> ./main.py -h
usage: main.py [-h] [-v] [-m MODEL] [-o OUTPUT] [-t TESTS] [-c] [--command COMMAND] [--language LANGUAGE] directory
GPTESTER | Static Code Analysis Agent
positional arguments:
directory Path to the directory to scan
options:
-h, --help show this help message and exit
-v, --verbose Print out all the outputs and steps taken
-m MODEL, --model MODEL
Choose the LLM model for code analysis, default: "gpt-4-1106-preview"
-o OUTPUT, --output OUTPUT
Output the results to a file, default: "raports/{name_of_parent_folder}_{timestamp}_raport.md"
-t TESTS, --tests TESTS
Provide a path to functional tests to run on the project
-c, --codeql Use codeql to enhance the scan, REQUIRED to install CodeQL-CLI console tool
--command COMMAND Provide a build command to run the project for codeql, if no cmake or other file present in the project root directory, default: "make"
--language LANGUAGE Provide a programming language of the project for codeql, default: "cpp"
===
pip install -r requirements.txt
cd gptester
python main.py -h
or
cd gptester
chmod +x main.py
./main.py --help
===
- Basic functionality
- CodeQL integration
- LATEX and writing the thesis
- Updating the codebase with git and patch files - not practical for research purposes
- [ ]
- properly implementing tests
- Adding more languages for codeql